Friends don't let friends use POP3

November 13, 2009

Quickly helping a friend set up email on his phone turned into a three hour saga as we migrated his business from POP3 to IMAP.

My friend Marvin (not his real name) runs his own international business, with around half a dozen employees. For around six years, the company website and email have been hosted in Australia and Marvin has been very happy with the service. Then Marvin went out and bought an iPhone, and that's where the trouble started.

Marvin came around for dinner recently and asked me if I could set up his work email on his new love, an iPhone 3GS. No problem I said, knowing it only takes a few minutes to set up email on an iPhone. Marvin was already accessing his email via Entourage on his MacBook Pro, so I asked him if he was using IMAP or POP3. He looked at me blankly as if I was speaking another language.

For a moment I found it hard to believe that a man who is aiming for a million dollar turnover next year wouldn't know whether his own email client was using IMAP or POP3. Then I had to remind myself that he's a human resources consultant - he understands people, not computers. He doesn't care whether his email client uses IMAP or POP3, he just wants it to work so he can get on with running his business. To be honest, that's how most business people approach computers - the same way I approach my car. I don't know how it works, I just want it to get me from A to B.

We logged into Marvin's webmail account and discovered a whole heap of folders on the server, so I assumed he was running IMAP. In a nutshell, IMAP is designed to keep your email in sync between multiple devices. This means you can read a new email using your desktop email client (like Outlook), smartphone (like iPhone) or webmail (through Firefox) and know that email will be automatically marked as read on each device. It also means you can create folders on the server.

If you're using POP3 then your devices can't stay in sync. Worse yet, if you're using POP3 and not leaving a copy of each email on the server then once you check your email via your smartphone, those new emails won't show up on your desktop. In short, if you're using a more than one device to check your email then it's very good idea to use IMAP rather than POP3.

Like I said, Marvin's webmail account was full of folders on the server so I assumed he was already using IMAP. Then I looked a little closer and discovered those folders didn't correspond with his current inbox and sent messages. Looking over my shoulder, Marvin realised these folders on the server contained lost emails he hadn't seen for years - some dated 2003 and others dated 2006. Checking Entourage revealed that he was currently using POP3 to check his email. It was all very confusing.

After chatting further to Marvin I discovered he started out accessing his email from Windows using Outlook. Later he switched to Thunderbird, before switching to a Mac and Entourage. What I could see on the server was a set of IMAP folders created by Outlook in 2003, and a second set created by Thunderbird in 2006. Emails in these folders were lost every time Marvin changed email clients and created a new set of folders. I've managed to switch email clients on my computers in the past without this problem, but only because I'm a tech-savvy user who knows the difference between POP3 and IMAP.

While Marvin has been happy with his web hosting and email service, the online instructions for setting up your email aren't great. The online documentation doesn't mention IMAP - instructing you to set up everything as POP3.

I could have set Marvin up with POP3 access to his email from his iPhone and left it at that, but it would have been a mess. It would be the equivalent of popping the bonnet on his car to check the oil and ignoring the leaking radiator and worn fan belt. I was ready to switch Marvin to Fastmail, my email provider of choice, until I dicovered his provider supports IMAP. Considering the online instructions only refer to POP3, I still don't know how Marvin managed to initially set up Outlook and Thunderbird using IMAP - maybe they've changed their online documentation since then, or maybe it was just a fluke.

What I ended up doing was creating a new account profile in Entourage using IMAP, which created yet another set of IMAP folders on the server. I then dragged Marvin's current email into the IMAP inbox in Entourage, which also synced them with the server. Now he could send and receive email from Entourage or his iPhone and have everything stay in sync. He was very impressed, not having previously realised such things were possible. Next we took all the emails from the long-lost server folders and copied them into his new inbox, so he can sort them out later.

UPDATE: I missed a step here that I should have mentioned. I set Entourage to automatically download the entire email. IMAP clients tend to only download the headers until you click on an email to read it, which is obviously a problem if you've gone offline (such as sitting on a plane). Most IMAP-enabled email clients offer the option of downloading the entire email. Now Marvin has a full copy of each email sitting on with MacBook Pro, plus a backup copy still sitting on the server. His iPhone only downloads the headers by default, which helps cut down on bandwidth.

The final step was to redirect the five other work email accounts that he was checking from Entourage using POP3. Now the main account checks these accounts automatically on the server via IMAP, so he can access all of them from the one main email account. Again, he hadn't realised such things were possible.

The important thing for Marvin is that, as far as he's concerned, his email still works the same way as before. My aim was to ensure that I didn't force him to reorganise his business to suit his email system. The only change for him to keep in mind is that he needs to make sure he doesn't leave too many emails on the server, as his inbox will eventually reach its limit. Thankfully Marvin is a deleter rather than a hoarder, so this shouldn't be too much of a problem.

Marvin's email setup was a ticking time bomb, just waiting to wreak havoc on his business. Once I realised the mess it was in, I couldn't in good conscience leave it the way it was. Friends don't let friends use POP3.

Post a comment

Comments Terms & Conditions

When posting comments on our blogs, you agree to be bound by our terms and conditions.
Comments that are offensive, defamatory, unsuitable or that breach any aspects of the terms and conditions will be deleted.

I'm a network administrator who deals with a multitude of users on POP3, IMAP, Lotus Notes (Domino) and Microsoft Outlook (Exchange) email clients. POP3 (not SPOP) is by far the worst of these from a security standpoint alone (not to mention the all-over-the-place nature of it as described in this article) as your username and password are passed *in* *cleartext* across the internet (for those not on a LAN or using a VPN or a leased line to their mail server)...EVERY TIME you send or receive emails. Most POP3 clients are set up to do this every 1-5 minutes by default. That's a lot of opportunities for someone sniffing internet traffic to gain access to your email account.

Oh.

So.

Insecure.

Teresa

November 13, 2009

07:10 PM

Thanks Adam for your article. We certainly need more like this.

Al

November 13, 2009

08:07 PM

I access several email accounts - some using POP3 and some using IMAP. Is IMAP slower than POP3? I find that when synchronising my IMAP account, it takes far longer than to download messages using POP3.

I am using Windows Live Mail as my email client as it allows me to access my Hotmail account in an IMAP-like manner.

Great blog by the way!

Alex

November 13, 2009

08:38 PM

Why not just do what everyone else does and set the POP3 mail client in the phone to NOT delete the emails from the server and use one machine (a desktop) to be the one which downloads and removes them from the server ? Been doing this for years on numerous devices with the same account. Never had a problem and never seen the need to move to a weighty IMAP service.

vdev

November 13, 2009

09:47 PM

All well and good as long as you trust your ISP to keep your mail. You can configure some email clients to download it locally but otherwise it's at the mercy of the ISP.

And you know how well that went for Microsoft/Danger recently.

No thank you - I'll use POP (secure) and keep may mail under *my* control, thank you.

maestro

November 13, 2009

10:44 PM

Aequitas, you don't have to let POP send the password in cleartext. Just set you email client to use SSL or TLS and all communications will be encrypted (including username, password and email contents).

For the record, I use IMAP, but POP certainly has its advantages (like the previously mentioned loading emails from another account). Both POP and IMAP have their uses, it's just a matter of knowing which one fits your situation.

JasonW

November 13, 2009

10:47 PM

Nice blog, but people must also understand that if they don't have a connection to their server, then they cannot access their email with IMAP. Judicious use of POP3 (i.e. don't remove emails off the server when you download) does mean that you at least have a local copy. Also, as 3G can get expensive for downloads people must understand that they also are paying each time they view the email too with IMAP.

No POP

November 14, 2009

01:09 AM

Personally, I originally thought the article was not very interesting as I knew all that stuff UNTIL I got to the second comment about POP3 security - are you for real??? I am turning it off straight away. I am so annoyed my webmail client will not provide IMAP despite repeated requests to do so (but that's another story). Thanks for the article and in particular Aequitas
November 13, 2009 07:08 PM

Brettr

November 14, 2009

03:26 AM

Aequitas is incorrect. POP3 has encryption as part of it's standard and all the clients I'm familiar have it available.

JM

November 14, 2009

05:26 AM

If your email provider has a good email backup strategy, using IMAP provides another backup of your valuable email.

FastMail has another cool feature, you can disable POP access to an account to stop an accidental POP setup.

FastMail also provides a Copy on SMTP feature to save your sent email even if your mail client doesn't support it.

Chris

November 14, 2009

05:46 AM

It's no wonder Marvin's ISP only provides POP3 instructions. ISPs seriously want people to use POP3 despite the security issues and the inability to use multiple clients.

After all, when someone uses POP3 it usually involves downloading and removing the email from the server. ISPs like that "removing from the server" part. Pesky customer emails using up storage on the server. Pah! Let them use their own disk!

All my clients are steered toward IMAP.

(IMAP user since... oh, 1995?)

ncv

November 14, 2009

05:58 AM

Great Blog. I was just looking at a colleague's email setup on his iphone today. I couldn't believe that hotmail was only POP3. Time for him to move to Gmail i'd say.

tim-e

November 14, 2009

01:26 PM

pop3 needs to be banned from the internets. It is outdated, insecure, and as the article says, not suitable for viewing mail across multiple clients and/or devices.

I've been using .Mac/MobileMe for 4 years now (IMAP) and it is great!

fentman

November 14, 2009

01:27 PM

VideoGuy - Hotmail won't, but Gmail has for the past year, but you do need to go into settings and enable it (like pop3 access)

AI - POP3 is quick and nasty, it'll grab the latest unread emails and download them to the email client and done, folders and past messages don't exist except within your mail program.
IMAP allows you access to your full mailbox (multiple folders, read and unread emails). The one downside is if the email client doesn't store those emails properly it may pull those down over and over again. That might explain why you're seeing slower performance.

Cameron

November 14, 2009

01:30 PM

POP3 does have advantages over IMAP. I suspect the main reason the instructions for the e-mail client setup specified POP3 was because they don't want your e-mails sitting on their server forever and a day. If you leave the e-mails on a server, then you face restrictions on how much storage they give you, I know with some isp's in the past this was as little as 10mb, so using IMAP there was very restrictive.

But in this day and age with the price of storage, and the fact that even non-business people will use multiple devices to access e-mail protocols like IMAP and ActiveSync should be used far more often. Hopefully.

Lamb

November 14, 2009

04:51 PM

Your article reminds me how I now start quivering with fear when a "friend" asks for help, I say sure, should only take 5 mins, 2 hours later....

Webslave

November 14, 2009

05:50 PM

Well that sounds monumentally stupid. POP3 works just fine for multiple devices - tell them all to leave mail on the server and tell one of the devices to delete mail from the server after a week. Problem solved.

Ooh, IMAP, my secret lover... Give me a break.

DTM

November 14, 2009

10:42 PM

I wish someone would kick Yahoo up the arse and get them to switch IMAP on. How hard can it be?

Glenn

November 15, 2009

06:53 AM

To Aequitas,

IMAP can have its password sent as plaintext as well, and generally there are encryption options for both imap and pop3 email passwords. i.e. rather than plaintext, MD5 challenge response may be better.

Plus both protocols support SSL ports generally, and TTLS for having encryption occur on the standard ports.

In regards to IMAP vs POP3, I often use POP3 because my ISP has limited quota, and IMAP relies on you storing your emails on the server generally. POP3 is also better from a backup point of view, since it'll be downloaded onto your PC, meaning if you change your ISP you don't suddenly loose all your emails.

Apple-let

November 15, 2009

11:35 AM

A great txs from me too Adam :)

Follow-up question for you. I also have a number of email addresses & for all the same reasons have finally decided to 'funnel' them into my brand-spanking new Apple MobileMe account. Apple charges an annual fee for this aggregation service. I have decided to take the byte & now have a shiny iMac & glistening iPhone & recently added MobileMe to the cresh. I love all my 'Fruity' devices & services don't get me wrong.

Now then, do I understand you correctly that I could've achieved the same by using Entourage? ie Shouldnt have to pay for this facility by using existing Apple products I have already purchased? ps I don't (yet) use any of the add-ons Apple's MobileMe offers like iDisk etc. which then clearly would be of value.

I'd be interested to hear your comments.

Kind regards,
Apple-let

Entourage is email software that runs on your desktop, whereas MobileMe is an email service. Most of what you can do via MobileMe you can do via Gmail for free, like IMAP email and calendar and contact sync. Gmail does't offer iDisk, nor does it offer a few extra features like finding your phone using GPS. You could use Entourage and your email client, but it's worth checking to see if Apple Mail and iCal meet your needs.
Adam

Sammy01

November 15, 2009

11:14 PM

This is ridiculous. POP3 is much more widely supported and there are security solutions available. I have my clients set to delete mail after 7 days and don't usually have any problems.

Only a fool trusts a 3rd party to keep his email safe. If it's not on your machine, you don't have it. If it's important, have multiple backups (including off site backups that are regularly updated).

Wilf

November 16, 2009

03:58 PM

Valuable information - thanks.
I use POP3 and have been nervous about security.
No-one has mentioned that it's usually the ISP which doesn't enable the encryption on POP3 log - in, even though our clients can be configured for it.

The ISPs count on you connecting via the phone line/DSL to their server. That makes only the web based POP the liability.

Hotmail POP asks you to not to enable SPA (secure password authentication) but insists you set the incomming and outgoing servers as secure. I'm not sure where that leaves us in keeping log-in and password secure. Looks like zilch - which wouldn't be nice from MS.

TerryH

December 11, 2009

12:48 PM

I have a hosting company who only provides POP3 email managed via Outlook. Shared calendar is on Google accessed via a browser. Now adding an iPhones! Any suggestions on the best way to manage?

POP3 email to iPhone without deleting off the server and still use Outlook to manage/delete (but sometimes handling emails twice), or maybe use GMail to consolidate?

Is it best to access Google Calendar on the iPhone with Safari or use an app?

Then there are contacts...

Thanks.

Hi TerryH, consolidating your email through Gmail and accessing via IMAP should make life easier. You can sync the iPhone's calendar and I think contacts with Gmail using third-party services like www.nuevasync.com - I've been using it on an iPhone for almost 12 months with no complaints.

Rapid

January 28, 2010

11:07 AM

Seriously..... IMAP or POP3? It doesn't matter unless a Luddite is setting it up. Just set your pop account to leave a copy on the server until it is deleted. IMAP is fine if you own the server it is running on. If not, you have to trust a hosting company to keep your mail safe. I have backups of my important Pop emails going back to 1996. It all depends on the user.

Comments Terms & Conditions

When posting comments on our blogs, you agree to be bound by our terms and conditions.
Comments that are offensive, defamatory, unsuitable or that breach any aspects of the terms and conditions will be deleted.

Aussies love their gadgets. Mobiles phones, MP3 players, notebooks, GPS, if you can carry it, we’ll buy it. Gadget guru Adam Turner embraces the way of the road warrior, hitting the open highway in search of all things mobile.